urlscan.io logo urlscan.io
SecurityTrails logo

www.chasebenefits.com Open in urlscan Pro
159.53.60.174  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.chasebenefits.com/
Effective URL: https://www.chasebenefits.com/
Submission: On March 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 159.53.60.174, located in New York, United States and belongs to JPMORGAN-AS7743, US. The main domain is www.chasebenefits.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on July 20th 2023. Valid for: a year.
This is the only time www.chasebenefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 159.53.60.174 7743 (JPMORGAN-...)
2 23.51.114.33 16625 (AKAMAI-AS)
4 92.123.12.151 20940 (AKAMAI-ASN1)
1 92.123.12.147 20940 (AKAMAI-ASN1)
1 104.126.37.178 20940 (AKAMAI-ASN1)
16 5
9    159.53.60.174 (New York, United States)

ASN7743 (JPMORGAN-AS7743, US)
www.chasebenefits.com
2    23.51.114.33 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-51-114-33.deploy.static.akamaitechnologies.com
cdn.f9client.com
4    92.123.12.151 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-12-151.deploy.static.akamaitechnologies.com
www.chase.com
1    92.123.12.147 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-12-147.deploy.static.akamaitechnologies.com
secure.chase.com
1    104.126.37.178 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-178.deploy.static.akamaitechnologies.com
static.chasecdn.com
Apex Domain
Subdomains		 Transfer
9 chasebenefits.com
www.chasebenefits.com
253 KB
5 chase.com
www.chase.com — Cisco Umbrella Rank: 9376
secure.chase.com — Cisco Umbrella Rank: 19451
43 KB
2 f9client.com
cdn.f9client.com — Cisco Umbrella Rank: 46712
16 KB
1 chasecdn.com
static.chasecdn.com — Cisco Umbrella Rank: 9052
325 B
16 4
Domain Requested by
9 www.chasebenefits.com 1 redirects www.chasebenefits.com
4 www.chase.com www.chasebenefits.com
www.chase.com
2 cdn.f9client.com www.chasebenefits.com
cdn.f9client.com
1 static.chasecdn.com www.chase.com
1 secure.chase.com www.chase.com
16 5

This site contains links to these domains. Also see Links.

Domain
www.chase.com
Subject Issuer Validity Valid
www.chasebenefits.com
Entrust Certification Authority - L1M		 2023-07-20 -
2024-07-20		 a year crt.sh
cdn.f9client.com
GeoTrust RSA CA 2018		 2023-05-05 -
2024-05-06		 a year crt.sh
www.chase.com
Entrust Certification Authority - L1M		 2024-03-14 -
2025-03-14		 a year crt.sh
secure.chase.com
Entrust Certification Authority - L1M		 2024-03-20 -
2025-03-20		 a year crt.sh
static2.chasecdn.com
Entrust Certification Authority - L1M		 2024-03-14 -
2025-03-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.chasebenefits.com/
Frame ID: 35A397C88FB753833E000DBE82152212
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Your Chase Credit Card Guide to Benefits

Page URL History Show full URLs

  1. http://www.chasebenefits.com/ HTTP 301
    https://www.chasebenefits.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

311 kB
Transfer

478 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.chasebenefits.com/ HTTP 301
    https://www.chasebenefits.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.chasebenefits.com/
Redirect Chain
  • http://www.chasebenefits.com/
  • https://www.chasebenefits.com/
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
b07cbe8bb524eb245063652aef9da0070cc6550fd21a5d4065f850f4eb321d42
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; style-src 'self' https://*.f9client.com; script-src 'self' https://*.chase.com https://*.f9client.com https://www.google-analytics.com https://www.googletagmanager.com https://*.chasecdn.com; img-src 'self' data: https://*.chase.com https://www.google.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org; font-src 'self' data: https://*.f9client.com; connect-src 'self' https://www.google-analytics.com https://*.chase.com https://*.chasecdn.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org; media-src 'self'; frame-src 'self'; default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,no-store
Content-Encoding
gzip
Content-Security-Policy
frame-ancestors 'self'; style-src 'self' https://*.f9client.com; script-src 'self' https://*.chase.com https://*.f9client.com https://www.google-analytics.com https://www.googletagmanager.com https://*.chasecdn.com; img-src 'self' data: https://*.chase.com https://www.google.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org; font-src 'self' data: https://*.f9client.com; connect-src 'self' https://www.google-analytics.com https://*.chase.com https://*.chasecdn.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org; media-src 'self'; frame-src 'self'; default-src 'self'
Content-Type
text/html; charset=utf-8
Date
Fri, 22 Mar 2024 23:34:01 GMT
Expires
-1
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1;mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://www.chasebenefits.com/
Server
BigIP
font-v1.css
cdn.f9client.com/api3/file/1130242/default/ 		2 KB
550 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.f9client.com/api3/file/1130242/default/font-v1.css?__gda__=exp=1711164782~acl=/api3/file/1130242/default/font-v1.css*~hmac=897cb1c45a6aa0c660dc69b2e3671bb92b87aa7cf4487991e192494f98c38637
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.51.114.33 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-51-114-33.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dbd2cd2abff9f7293eb6429554669aca37dfe1aa49bedb79595685d3cc81e40f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date
Fri, 22 Mar 2024 23:34:03 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Checksum
23740a9530990151fc09c58e9b2cd023
Content-Length
302
bootstrap-5.1.3.min.css
www.chasebenefits.com/K-Chasebenefits/css/ 		160 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.chasebenefits.com/K-Chasebenefits/css/bootstrap-5.1.3.min.css
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
7f3ad8defa291d1804c1e7cd6b7a3f79e30b59f39a5389d6c6cc036c7eb00a07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:01 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Jun 2022 21:22:10 GMT
Content-Encoding
gzip
ETag
"1d884ebcd1252f7"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Transfer-Encoding
chunked
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
X-Xss-Protection
1;mode=block
Expires
-1
styles.min.css
www.chasebenefits.com/K-Chasebenefits/css/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.chasebenefits.com/K-Chasebenefits/css/styles.min.css
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
b80b18be3a7bdb70a1c3a4c530bb3b2c16bea84e96de784ef093fa85e42260e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:02 GMT
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1404
X-Xss-Protection
1;mode=block
Pragma
no-cache
Last-Modified
Wed, 22 Mar 2023 19:42:05 GMT
ETag
"1d95cf661672a3c"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
Expires
-1
General_BG.jpg
www.chasebenefits.com/K-Chasebenefits/images/ 		150 KB
157 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.chasebenefits.com/K-Chasebenefits/images/General_BG.jpg
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
f971cb68ab100d516c4aef7c65896752989c29aad2da10da70ec06d296beb47b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Jun 2022 21:22:13 GMT
Content-Encoding
gzip
ETag
"1d884ebcedba8af"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Transfer-Encoding
chunked
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
X-Xss-Protection
1;mode=block
Expires
-1
General_BG_m2x.jpg
www.chasebenefits.com/K-Chasebenefits/images/ 		46 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.chasebenefits.com/K-Chasebenefits/images/General_BG_m2x.jpg
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
e498424a2b9e79193a3921bc36bc4eb2bf557b5b3ba20746a0fad244d7a38038
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:02 GMT
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
49439
X-Xss-Protection
1;mode=block
Pragma
no-cache
Last-Modified
Mon, 20 Jun 2022 21:22:14 GMT
ETag
"1d884ebcf723e33"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
Expires
-1
chase.png
www.chasebenefits.com/K-Chasebenefits/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.chasebenefits.com/K-Chasebenefits/images/chase.png
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
013bb82804c7134a389537cdc8c6464ac7a0ff45777aa37157b49a0b91039cbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:02 GMT
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1849
X-Xss-Protection
1;mode=block
Pragma
no-cache
Last-Modified
Mon, 20 Jun 2022 21:22:15 GMT
ETag
"1d884ebd00b1b4b"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
Expires
-1
transparent.png
www.chasebenefits.com/K-Chasebenefits/images/ 		924 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.chasebenefits.com/K-Chasebenefits/images/transparent.png
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
7bf1e8a99caccf0c16154d8501130a2b5e453db4ddd8a22324f757f769af3c58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:02 GMT
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
623
X-Xss-Protection
1;mode=block
Pragma
no-cache
Last-Modified
Mon, 20 Jun 2022 21:22:16 GMT
ETag
"1d884ebd0a3b79c"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
Expires
-1
Reporting.js
www.chase.com/apps/chase/clientlibs/foundation/scripts/ 		87 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.12.151 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-12-151.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fdc9870e2c2433ffa1a9b035739f3dfc25d263c62dc7aaefed88ef99421ced31
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy frame-ancestors 'none'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'
content-encoding
gzip
date
Fri, 22 Mar 2024 23:34:02 GMT
strict-transport-security
max-age=31536000
server-timing
cdn-cache; desc=HIT, edge; dur=1, dtSInfo;desc="0", dtRpid;desc="-1720165974", ak_p; desc="1711150442229_34633623_1067347487_33_6200_8_109_219";dur=1
content-length
38259
x-xss-protection
1; mode=block
last-modified
Wed, 20 Mar 2024 02:20:50 GMT
x-amzn-trace-id
0.97771002.1711150442.3f9e6e1f
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=6472, s-maxage=14400
accept-ranges
bytes
x-content-security-policy
frame-ancestors 'none'
scripts.min.js
www.chasebenefits.com/K-Chasebenefits/js/ 		386 B
849 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.chasebenefits.com/K-Chasebenefits/js/scripts.min.js
Requested by
Host: www.chasebenefits.com
URL: https://www.chasebenefits.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.60.174 New York, United States, ASN7743 (JPMORGAN-AS7743, US),
Reverse DNS
Software
/
Resource Hash
f9719f934f64392fe9eccb0cf08fca50b10578d44f54435f9bf6405514eaddf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Fri, 22 Mar 2024 23:34:02 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 20 Jun 2022 21:22:20 GMT
ETag
"1d884ebd3060f82"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
no-cache,no-store
Accept-Ranges
bytes
Content-Length
386
X-Xss-Protection
1;mode=block
Expires
-1
OpenSans.woff2
cdn.f9client.com/api3/fonts/google-fonts/default/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.f9client.com/api3/fonts/google-fonts/default/OpenSans.woff2
Requested by
Host: cdn.f9client.com
URL: https://cdn.f9client.com/api3/file/1130242/default/font-v1.css?__gda__=exp=1711164782~acl=/api3/file/1130242/default/font-v1.css*~hmac=897cb1c45a6aa0c660dc69b2e3671bb92b87aa7cf4487991e192494f98c38637
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.51.114.33 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-51-114-33.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3135160ee3b34e2d1e58bf80944a1ed2cef3f073528ea98f11916a397b4c6ac9

Request headers

Referer
https://cdn.f9client.com/api3/file/1130242/default/font-v1.css?__gda__=exp=1711164782~acl=/api3/file/1130242/default/font-v1.css*~hmac=897cb1c45a6aa0c660dc69b2e3671bb92b87aa7cf4487991e192494f98c38637
Origin
https://www.chasebenefits.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 22 Mar 2024 23:34:03 GMT
Cache-Control
public, max-age=86400
Connection
keep-alive
Checksum
4c9a4bc2b383253d953bad3699c3ab1b
Content-Length
15556
Content-Type
text/plain
cc.gif
secure.chase.com/events/analytics/public/v1/ 		43 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://secure.chase.com/events/analytics/public/v1/cc.gif?log=1&wa_cb=1711150443316.531282&url=https%3A%2F%2Fwww.chasebenefits.com%2F&pt=Your%20Chase%20Credit%20Card%20Guide%20to%20Benefits&sr=1600x1200&br=1600x1200&wa_fv=Not%20enabled&et=0&tz=GMT+1&tzo=+1&cd=24&jv=1.8.5&vt=unknwn&v1=7184352B36F4FCD7&ls=N&ch=COL&st=Classic&av=1.0.0&eid=af459e72-442c-461d-b35d-a60e21013c7a&clientId=2.0.4&mid=42674732519227319866165943629082588349&ad=1914845758%7CMCIDTS%7C17564%7CMCMID%7C42674732519227319866165943629082588349%7CMCAID%7CNONE%7CMCOPTOUT%7Cisoptedout-false%7CMCAAMLH%7C%7CMCAAMB%7C%7CMCCIDH%7C%7CMCSYNCSOP%7C411-17568%7CvVersion%7C2.3.0%7CIsCustom%7Ctrue&e=1
Requested by
Host: www.chase.com
URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.12.147 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-12-147.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy frame-ancestors 'none'
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires
Fri, 22 Mar 2024 23:34:03 GMT
content-security-policy
frame-ancestors 'none'
date
Fri, 22 Mar 2024 23:34:03 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
x-b3-traceid
Zf4Va-4sUNhMlsavkZDlmgAAAJE
server-timing
cdn-cache; desc=MISS, edge; dur=87, origin; dur=14, ak_p; desc="1711150443379_34633619_981614444_10114_160691_8_20_219";dur=1
content-length
43
x-xss-protection
1; mode=block
x-trace-id
Zf4Va-4sUNhMlsavkZDlmgAAAJE
pragma
no-cache
x-amzn-trace-id
0.93771002.1711150443.3a823f6c
x-frame-options
DENY
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
x-app-info
bv=DPS/dps-events/release%2F2024.02.11-22; pd=11ea
x-content-security-policy
frame-ancestors 'none'
tagmanagerextensions.js
www.chase.com/apps/chase/clientlibs/foundation/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.chase.com/apps/chase/clientlibs/foundation/tagmanagerextensions.js
Requested by
Host: www.chase.com
URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.12.151 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-12-151.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6fdd12c2d27293cbbb399d1f97fe7361e7d84cd298d0c9bb323e983433fb74da
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy frame-ancestors 'none'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'
content-encoding
gzip
date
Fri, 22 Mar 2024 23:34:03 GMT
strict-transport-security
max-age=31536000
server-timing
cdn-cache; desc=HIT, edge; dur=1, dtSInfo;desc="1", ak_p; desc="1711150443320_34633623_1067348268_22_6225_8_0_146";dur=1
content-length
2439
x-xss-protection
1; mode=block
last-modified
Thu, 29 Feb 2024 15:58:09 GMT
x-amzn-trace-id
0.97771002.1711150443.3f9e712c
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=663793, s-maxage=2592000
accept-ranges
bytes
x-content-security-policy
frame-ancestors 'none'
result
static.chasecdn.com/loc/ 		23 B
325 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://static.chasecdn.com/loc/result
Requested by
Host: www.chase.com
URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.178 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-178.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1e55aa2b82589793af93f12a735e41a24a737a395aee95da19eff7489cdc7702
Security Headers
Name Value
Strict-Transport-Security max-age=86400 ; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 22 Mar 2024 23:34:03 GMT
strict-transport-security
max-age=86400 ; preload
x-amzn-trace-id
0.ae257e68.1711150443.36b9eaab
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1711150443439_1753097646_918153899_17_5491_6_26_219";dur=1
content-length
23
expires
Fri, 22 Mar 2024 23:34:03 GMT
clientconfig.enableCCPA.js
www.chase.com/etc/chase/appsconfig/ 		42 B
641 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.chase.com/etc/chase/appsconfig/clientconfig.enableCCPA.js
Requested by
Host: www.chase.com
URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.12.151 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-12-151.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1583c781105a9ebdc56aa8be7dd5f3d25ab0893457606bb3ff5d4ca2a0b5ca74
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy frame-ancestors 'none'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'
date
Fri, 22 Mar 2024 23:34:03 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 20 Mar 2024 03:11:42 GMT
x-amzn-trace-id
0.97771002.1711150443.3f9e714e
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=116, s-maxage=300
server-timing
cdn-cache; desc=MISS, edge; dur=13, origin; dur=108, dtSInfo;desc="0", dtRpid;desc="-1204504148", ak_p; desc="1711150443329_34633623_1067348302_12111_5819_14_18_219";dur=1
accept-ranges
bytes
content-length
42
x-xss-protection
1; mode=block
x-content-security-policy
frame-ancestors 'none'
/
www.chase.com/apps/services/tags/https/www.chasebenefits.com/ 		53 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.chase.com/apps/services/tags/https/www.chasebenefits.com/
Requested by
Host: www.chase.com
URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.12.151 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-12-151.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
55bbbc84ce4e42a25f18d7dec2b764bd13ba35df24949a7851fc43e9b1e0e97f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy frame-ancestors 'none'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.chasebenefits.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'none'
date
Fri, 22 Mar 2024 23:34:03 GMT
strict-transport-security
max-age=31536000
server-timing
cdn-cache; desc=MISS, edge; dur=12, origin; dur=102, dtSInfo;desc="0", dtRpid;desc="-1754092987", dtTao;desc="1", ak_p; desc="1711150443348_34633623_1067348303_11487_5863_14_0_219";dur=1
content-length
53
x-xss-protection
1; mode=block
accept-ch
Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
x-amzn-trace-id
0.97771002.1711150443.3f9e714f
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=3600, s-maxage=3600
permissions-policy
ch-ua-full-version-list=("https://*.chase.com"),ch-ua-platform-version=("https://*.chase.com"),ch-ua-arch=("https://*.chase.com"),ch-ua-model=("https://*.chase.com"),ch-ua-bitness=("https://*.chase.com"),ch-ua-wow64=("https://*.chase.com")
timing-allow-origin
*
x-content-security-policy
frame-ancestors 'none'

Verdicts & Comments Add Verdict or Comment

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Hashtable function| PersonalizationCookie function| Parse function| PersistValues function| arrayContains function| SetPersonaCookie function| GetCookieDomain_LegacyMode function| GetCookieDomain function| GetCookie function| checkNameValuePair function| genLastUpdatedDate undefined| _PageTitle number| DebugMode object| _ScenarioName object| _StepName object| _ScenarioParams object| _SegmentGroup string| _AdCookie string| _RoutableTestTargetCookie boolean| _SetRoutableLogin string| _Delim boolean| RPT_Enabled object| _ValidFlashAdUrls function| RPT_Init function| RPT_SetPersonId function| RPT_ErrorPage function| RPT_ScenarioPage function| RPT_RecordEvent function| RPT_RecordTNTEvent function| RPT_RecordPageLoadEvent function| RPT_Impression function| RPT_Click function| RPT_ClickNoRedirect function| RPT_AddVariables function| RPT_AddTNTVariables function| clickthrough function| AdParam object| _AdParams function| _Show function| _Debug function| InitializeFPC boolean| _Initialized number| _InitStageCompleted function| _Init function| _Init2 function| _Clear function| _GetTarget function| _GetTargetName function| _TrackElement function| _OnChange undefined| _thirdParyHost undefined| _thirdPartyPath undefined| _clickedAd undefined| _conversionAd undefined| _Environment undefined| _ResolvedDomain boolean| _isThirdParty function| _ParseThirdPartyUrl function| _IsTaggedOffSite function| _IsImpliedOffSite function| _OnClick function| _SetConversionInfo function| _CheckConversion function| _BindAll function| _OnLoadError function| _OnLoad function| _ParamSearch function| _AdSearchUpdateObj function| _AdSearch function| _GetParmVal function| _Configure function| ApplyWebTrends function| _GetDcsId function| _Replace function| _GetDomain function| _IsNumeric function| _SetCookie function| PT_BuildLinkImpressionList function| updatePersonaCookie function| _runPixelTracker function| SetAMCVCookie object| CHASE function| _Bind function| _GetCookie function| chase_getElementsByClassName function| RPT_ScenerioPage object| dataLayer function| gtag object| analyticsLiteConfig object| analyticsLite object| VisitorApi string| cookiePattern function| IsJSEnabled object| pageDot

7 Cookies

Domain/Path Name / Value
www.chasebenefits.com/ Name: ppnet_4614
Value: !0HOXwhVyc0qFR4AknAWBwiWmDwLrtvxz+vAeKLpp91zQ0l9ek707epWWZaJgbsD4Rets7+QoFniTEA==
.chasebenefits.com/ Name: v1st
Value: 7184352B36F4FCD7
.chasebenefits.com/ Name: AMCV_EA673DFC5A2F19060A495C9C@AdobeOrg
Value: 1914845758|MCIDTS|17564|MCMID|42674732519227319866165943629082588349|MCAID|NONE|MCOPTOUT|isoptedout-false|MCAAMLH||MCAAMB||MCCIDH||MCSYNCSOP|411-17568|vVersion|2.3.0|IsCustom|true
.chasebenefits.com/ Name: PC_1_0
Value: lastUpdate=2024-03-23|lastSent=2024-03-23|
.chasebenefits.com/ Name: GW
Value: null|null|null|null|null|null
www.chasebenefits.com/ Name: fireOnce
Value:
www.chasebenefits.com/ Name: tml
Value: default

2 Console Messages

Source Level URL
Text
security error URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js(Line 94)
Message:
Refused to connect to 'https://dpm.demdex.net/id?d_ver=2&d_orgid=EA673DFC5A2F19060A495C9C@AdobeOrg' because it violates the following Content Security Policy directive: "connect-src 'self' https://www.google-analytics.com https://*.chase.com https://*.chasecdn.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org".
javascript error URL: https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js(Line 94)
Message:
Refused to connect to 'https://dpm.demdex.net/id?d_ver=2&d_orgid=EA673DFC5A2F19060A495C9C@AdobeOrg' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'; style-src 'self' https://*.f9client.com; script-src 'self' https://*.chase.com https://*.f9client.com https://www.google-analytics.com https://www.googletagmanager.com https://*.chasecdn.com; img-src 'self' data: https://*.chase.com https://www.google.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org; font-src 'self' data: https://*.f9client.com; connect-src 'self' https://www.google-analytics.com https://*.chase.com https://*.chasecdn.com https://ad.doubleclick.net https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://px.ads.linkedin.com https://insight.adsrvr.org; media-src 'self'; frame-src 'self'; default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block